From: Dan Fuhry
Date: Sun, 23 Mar 2025 01:44:12 +0000 (-0400)
Subject: [http/samlproxy] add systemd service, allow username header to be customized
X-Git-Url: https://go.fuhry.dev/?a=commitdiff_plain;h=beb68da6867e5c232293ad1be1c87a67c8a203aa;p=runtime.git
[http/samlproxy] add systemd service, allow username header to be customized
---
diff --git a/http/samlproxy.go b/http/samlproxy.go
index c39e6d3..610ab62 100644
--- a/http/samlproxy.go
+++ b/http/samlproxy.go
@@ -24,6 +24,7 @@ import (
 "github.com/crewjam/saml"
 "github.com/crewjam/saml/samlsp"
+ "go.fuhry.dev/runtime/mtls"
 "go.fuhry.dev/runtime/mtls/certutil"
 "go.fuhry.dev/runtime/utils/hashset"
@@ -40,9 +41,10 @@ type Route struct {
 }
 type SAMLBackend struct {
- Host string `yaml:"host"`
- Port int `yaml:"port"`
- Identity string `yaml:"mtls_id"`
+ Host string `yaml:"host"`
+ Port int `yaml:"port"`
+ Identity string `yaml:"mtls_id"`
+ UsernameHeader string `yaml:"username_header"`
 client *http.Client
 clientOnce sync.Once
@@ -493,8 +495,12 @@ func (sp *SAMLProxy) newHandler() (http.HandlerFunc, error) {
 if swa, ok := session.(samlsp.SessionWithAttributes); ok {
 attrs := swa.GetAttributes()
- sp.logger.V(3).Debugf("setting origin request header: on-behalf-of: %q", attrs.Get("uid"))
- newReq.Header.Set("on-behalf-of", attrs.Get("uid"))
+ oboHeader := vhost.Backend.UsernameHeader
+ if oboHeader == "" {
+ oboHeader = "on-behalf-of"
+ }
+ sp.logger.V(3).Debugf("setting origin request header: %s: %q", oboHeader, attrs.Get("uid"))
+ newReq.Header.Set(oboHeader, attrs.Get("uid"))
 }
 if jwts, ok := session.(samlsp.JWTSessionClaims); ok {
diff --git a/http/samlproxy/main.go b/http/samlproxy/main.go
index 52be074..b8daa03 100644
--- a/http/samlproxy/main.go
+++ b/http/samlproxy/main.go
@@ -8,6 +8,7 @@ import (
 "syscall"
 "time"
+ "github.com/coreos/go-systemd/daemon"
 "gopkg.in/yaml.v3"
 "go.fuhry.dev/runtime/http"
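Review bot: `UsernameHeader` is the one field of `SAMLBackend` with an implicit default, and nothing at the declaration says what it names or that an empty value falls back to `on-behalf-of`; a reader has to find the handler code to learn either. A field comment such as `// UsernameHeader is the origin request header that carries the SAML "uid" attribute; empty selects "on-behalf-of".` would fix that, and since the origin presumably treats that header as the authenticated user, it is worth adding that the header must never be settable by clients. SAMLBackend's definition continues past the end of the hunk.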
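Review bot: The identity header is only written on the `session.(samlsp.SessionWithAttributes)` branch, so for any other session type nothing touches `oboHeader` on `newReq`; if `newReq` inherits the client's request headers (not visible in this hunk), a caller could supply its own `on-behalf-of` or custom-named header and have it forwarded to the origin as an authenticated identity. Resolving the name above the `if` and calling `newReq.Header.Del(oboHeader)` unconditionally before the attribute check closes that regardless of how `newReq` is built. `vhost.Backend.UsernameHeader` is also used unvalidated: a name containing spaces or control characters is refused by `net/http` only when the request is sent, so checking it once at config load (token characters only) fails fast instead of per request, and an empty `attrs.Get("uid")` likewise reaches the origin as an empty header value and is probably better treated as an authentication failure. newHandler starts and ends outside this hunk.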
@@ -73,6 +74,8 @@ func main() {
 server.Addr = *listen
 go server.ListenAndServeTLS("", "")
+ daemon.SdNotify(false, daemon.SdNotifyReady)
+
 <-ctx.Done()
 shutdownCtx, shutdownCancel := context.WithTimeout(context.Background(), 5*time.Second)
 defer shutdownCancel()
diff --git a/http/samlproxy/systemd/saml-proxy@.service b/http/samlproxy/systemd/saml-proxy@.service
new file mode 100644
index 0000000..fb6bc36
--- /dev/null
+++ b/http/samlproxy/systemd/saml-proxy@.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=SAML-authenticating proxy instance %i
+
+[Service]
+Type=notify
+User=http
+ExecStart=/usr/bin/saml-proxy -config=/etc/runtime/saml-proxy/%i.yaml
+
+[Install]
+WantedBy=default.target
\ No newline at end of file
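Review bot: `daemon.SdNotify(false, daemon.SdNotifyReady)` runs immediately after `go server.ListenAndServeTLS("", "")`, before the listener is known to be bound, so systemd marks the unit active even when the bind or TLS setup fails inside the goroutine, and because that goroutine's error is discarded the unit then sits "running" with nothing listening. Binding first with `net.Listen("tcp", *listen)`, serving with `server.ServeTLS(ln, "", "")`, and notifying only after a successful bind makes READY=1 truthful. The call also drops both return values; the error should at least be logged, while `sent == false` merely means `NOTIFY_SOCKET` is unset and is normal outside systemd. main starts and ends outside this hunk.
```go
ln, err := net.Listen("tcp", *listen)
if err != nil {
	// … handle like the other fatal startup errors in main …
}
go server.ServeTLS(ln, "", "")
if _, err := daemon.SdNotify(false, daemon.SdNotifyReady); err != nil {
	// … log it; a false "sent" with nil error just means no NOTIFY_SOCKET …
}
// … unchanged: <-ctx.Done() and the timed shutdown …
```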
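Review bot: The unit drops to `User=http` but applies no sandboxing, so a process that terminates TLS for untrusted clients and reads a per-instance config naming a backend mTLS identity runs with a writable view of the whole filesystem, device access and every syscall. The usual hardening directives (`NoNewPrivileges`, `ProtectSystem=strict`, `ProtectHome`, `PrivateTmp`, `SystemCallFilter=@system-service`, and `RestrictAddressFamilies` that keeps `AF_UNIX`, which `sd_notify` needs) contain a compromise of the proxy; an instance that must bind a privileged port should get `AmbientCapabilities=CAP_NET_BIND_SERVICE` rather than a loosened bounding set. There is also no `Restart=` and no ordering after the network, and `WantedBy=default.target` is the user-session convention — `multi-user.target` is the usual target for a system service. `Type=notify` is only correct if READY=1 is reliably sent from the main process, which holds as long as the `SdNotify` call in main.go stays there.
```ini
[Unit]
Description=SAML-authenticating proxy instance %i
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
User=http
ExecStart=/usr/bin/saml-proxy -config=/etc/runtime/saml-proxy/%i.yaml
Restart=on-failure
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
SystemCallFilter=@system-service
LockPersonality=yes
MemoryDenyWriteExecute=yes
# Only if the instance listens below port 1024:
# AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target
```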